Chinese malware database handed over to security companies

Helping the global fight against the world's largest source of malware

By Owen Fletcher

July 2, 2009

IDG News Service

Share

Twitter

Facebook

LinkedIn

Google Plus

A massive database of Chinese malware has been opened up to other security companies.

Beijing-based KnownSec gathered the viruses and other information with a crawler that scans nearly two million Chinese webites each day, said Zhao Wei, CEO of the security company. He planned to give a presentation on the subject at the Forum of Incident Response and Security Teams (FIRST) security conference in Kyoto, Japan later this week.

The database covers more Chinese websites and provides more up-to-date information about their security than any other, Zhao said. China produces most of the world's malware, he added.

A history for each site in the database lists dates of malware infection, the strings of malicious code placed on the sites and which anti-virus products defend viewers against their attacks. The database also stores tens of thousands of viruses found being distributed by the sites.

KnownSec each day finds more than 100 Trojan downloader files that have never been seen before, Zhao said. Each of those can direct a victim's PC to download up to ten viruses.

The database also has a list of websites that are currently compromised. Only about half of the newly infected sites KnownSec finds each day are also listed by Google as dangerous, said Zhao.

Google labels search results it has found to be potentially dangerous during scans of its index. When asked for comment, a Google spokeswoman said organisations need to work together to identify online threats and stamp them out.

Security companies and national computer emergency response teams can request access to the KnownSec database, Zhao said. Security companies could use the information to shield users of their anti-virus programs against new malware threats, he said.

"We cannot realise the role of this data by just keeping it," Zhao said.

Separately, security vendor McAfee has seen a rise in malware from China in recent months, said Prabhat Singh, McAfee's senior director of Avert operations in the Asia Pacific.

The amount of malware Chinese internet users reported to McAfee in the last six months was nearly 80 per cent the amount reported in all of 2008, Singh said. At that growth rate, the amount of malware seen in China this year could double over last year, he said.

Password-stealing Trojans were the dominant type of malware in China in the first quarter this year, said Singh. Many specifically try to steal account passwords for online games, which are extremely popular in China, he said. An attacker can strip a game account of equipment like weapons and armor and sell them for cash.

About one in four Chinese websites currently has a malicious reputation, Singh said. That may not mean the site owners themselves are malicious, but that attackers have compromised the sites and are using them to distribute malware.

Phishing is also on the rise in China, Singh said. China hosted the second-highest number of phishing sites in the world in the last quarter, mainly targeting Chinese bank users, he said.